Executive Summary

The Internet of Things (IoT)-based Critical Infrastructure (CI) system aims to improve monitoring, control, and service quality for end users and systems. However, security and privacy challenges persist because vulnerabilities exist at multiple layers of the IoT system. Cyber attackers pursue various objectives, such as stealing sensitive information, damaging system processes, and exposing sensitive information. Advanced persistent threats (APTs) increasingly target such systems, damaging or disrupting key functionalities and stealing sensitive information. Existing APT detection techniques have poor accuracy, high false alarm rates, and low generalizability, and are unable to detect new attacks such as 0-day attacks. This research proposal presents a novel framework for intelligent cyber threat detection and forensic analysis aimed at real-time APT attack detection. The proposed framework uses provenance data from the system log of the targeted host to identify system entities and events, and derives contextual information to design the graph embedding process and to prune redundant nodes. A dynamic graph CNN with a local graph stream sampling approach will be designed for accurate detection of advanced cyber threats. An explainable AI-based scheme will be used for forensic analysis and tracing of APT attacks.
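As an added illustration, and not code from the proposal or its authors, the following Python sketch shows the kind of host provenance data the summary refers to and the three steps it names: building a provenance graph of entities (processes, files, sockets) and events from audit-style log lines, deriving per-node contextual information, and pruning redundant nodes. It also performs a backward causal trace from a node of interest, which is the basic operation behind forensic tracing of an intrusion. The log format, the entity names, the sample lines and the pruning heuristic (drop leaf files that a single process only ever read) are all constructed assumptions for this example.

```python
from dataclasses import dataclass, field

# Constructed audit-style log lines (assumed format, not from the proposal):
#   <timestamp> <subject_process> <operation> <object>
# The duplicated line at 1004 stands in for repeated identical reads.
SAMPLE_LOG = """\
1001 bash exec sh
1002 sh exec curl
1003 curl write /tmp/downloaded.bin
1004 sh read /tmp/downloaded.bin
1004 sh read /tmp/downloaded.bin
1005 sh exec downloaded.bin
1006 downloaded.bin connect 203.0.113.5:443
1007 cron exec logrotate
1008 logrotate read /etc/logrotate.conf
1009 logrotate write /var/log/syslog.1
"""

# Object type implied by each operation (assumed mapping).
OBJ_TYPE = {"read": "file", "write": "file", "exec": "process", "connect": "socket"}


@dataclass
class Event:
    ts: int
    subject: str
    op: str
    obj: str
    count: int = 1  # number of identical raw events collapsed into this edge


@dataclass
class ProvGraph:
    node_type: dict = field(default_factory=dict)  # entity name -> "process"/"file"/"socket"
    events: list = field(default_factory=list)     # directed edges subject -> object


def parse_log(text: str) -> ProvGraph:
    """Build the provenance graph; identical (subject, op, object) events are merged."""
    g = ProvGraph()
    seen = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, subject, op, obj = line.split()
        g.node_type[subject] = "process"            # a subject is always a process
        g.node_type.setdefault(obj, OBJ_TYPE[op])   # object type from the operation
        key = (subject, op, obj)
        if key in seen:
            seen[key].count += 1                    # collapse the duplicate event
        else:
            ev = Event(int(ts), subject, op, obj)
            seen[key] = ev
            g.events.append(ev)
    return g


def node_context(g: ProvGraph) -> dict:
    """Per-node contextual information: type, in/out degree and the operations touching it."""
    ctx = {n: {"type": t, "in": 0, "out": 0, "ops": set()} for n, t in g.node_type.items()}
    for ev in g.events:
        ctx[ev.subject]["out"] += 1
        ctx[ev.subject]["ops"].add(ev.op)
        ctx[ev.obj]["in"] += 1
        ctx[ev.obj]["ops"].add(ev.op)
    return ctx


def prune_redundant(g: ProvGraph) -> set:
    """Assumed heuristic: a file that was only read, by exactly one process, and never
    written or executed carries no causal information, so drop it and its edge."""
    ctx = node_context(g)
    drop = {n for n, c in ctx.items()
            if c["type"] == "file" and c["ops"] == {"read"} and c["in"] == 1}
    g.events = [ev for ev in g.events if ev.obj not in drop]
    for n in drop:
        del g.node_type[n]
    return drop


def backward_trace(g: ProvGraph, node: str, ts=None) -> set:
    """Forensic step: all entities that causally precede `node`. A predecessor is the
    subject of any event targeting the current node, or a file the current node read,
    provided the event happened no later than the time the current node was reached."""
    best = {node: float("inf") if ts is None else ts}  # latest time each node was reached
    frontier = [node]
    while frontier:
        cur = frontier.pop()
        t = best[cur]
        for ev in g.events:
            if ev.ts > t:
                continue
            if ev.obj == cur:
                pred = ev.subject
            elif ev.subject == cur and ev.op == "read":
                pred = ev.obj
            else:
                continue
            if ev.ts > best.get(pred, -1):  # revisit only if reached at a later time
                best[pred] = ev.ts
                frontier.append(pred)
    return set(best) - {node}


if __name__ == "__main__":
    graph = parse_log(SAMPLE_LOG)
    print("pruned:", prune_redundant(graph))
    print("ancestry of the outbound connection:", backward_trace(graph, "203.0.113.5:443"))
```

The trace from the socket node walks back through the executing process, the shell that read the downloaded file, the process that wrote it, and the parent shell, while the unrelated cron/logrotate activity never enters the result; that separation of causally related entities from background noise is what the pruning and tracing steps are meant to deliver for an analyst.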